|
1561
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized acc…
|
CWE-862
Missing Authorization
|
CVE-2024-13530
|
2025-01-31 17:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1562
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible fo…
|
CWE-200
Information Exposure
|
CVE-2024-13623
|
2025-01-31 16:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1563
|
- |
|
-
|
-
|
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access o…
|
-
|
CVE-2025-22216
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1564
|
7.2 |
HIGH
Network
-
|
-
|
The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping.…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0809
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1565
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_togg…
|
CWE-862
Missing Authorization
|
CVE-2024-13717
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1566
|
7.2 |
HIGH
Network
-
|
-
|
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13504
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1567
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and incl…
|
CWE-862
Missing Authorization
|
CVE-2024-13424
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1568
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all version…
|
CWE-862
Missing Authorization
|
CVE-2024-13415
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1569
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-13216
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1570
|
- |
|
-
|
-
|
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al…
|
-
|
CVE-2024-13101
|
2025-01-31 15:15 |
2025-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
